<?php
/**
 * Copyright 2011  SURFfoundation
 * 
 * This file is part of ESCAPE.
 * 
 * ESCAPE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * ESCAPE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with ESCAPE.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * For more information:
 * http://escapesurf.wordpress.com/
 * http://www.surffoundation.nl/
 * 
 * Contact: d.vierkant@utwente.nl
 * 
 * @license http://www.gnu.org/licenses/gpl.html GNU GPLv3
 */
?>
<?php
/*
 * ESCAPE configuration file. Make a copy of this file under the name ESCAPE
 * loads its configuration from, and fill in the URLs, usernames, passwords
 * and keys below.
 * 
 * Don't forget to update 'proai_identify.xml' if you are using the oai provider.
 */

// server base URL (sub folders not allowed, without trailing slash)
// NOTE(review): the sample value is plain http. This application handles
// logins, password reset links and SAML (see the settings further down), so a
// production deployment presumably wants an https:// base URL here; confirm
// how server_url is used when links are built.
$escape_config['server_url'] = 'http://escape.myuni.tld';

// connection to the Fedora database
// The username and password below are placeholders to be replaced per
// deployment; once filled in, this file holds live credentials and should be
// readable only by the account that runs the application.
// NOTE(review): 'fedoraAdmin' looks like Fedora's stock administrator
// account; if Fedora permits it, a dedicated account limited to what ESCAPE
// needs is preferable. The sample URL is http on localhost; if Fedora runs on
// another host the password would cross the network in clear text unless an
// https URL is used.
$escape_config['fedora']['url'] = 'http://localhost:8080';
$escape_config['fedora']['username'] = 'fedoraAdmin';
$escape_config['fedora']['password'] = '***********';

// connection to the triple store
// 'implementation_class' holds a class name as a string.
// NOTE(review): presumably the application instantiates this class by name,
// so the value must only ever come from this administrator-controlled file;
// confirm against the loader.
$escape_config['triplestore']['implementation_class'] = 'triplestore_sesame_Sesame';
// 'params' carries the repository endpoint and the credentials for it. The
// password is a placeholder. The sample endpoint is http on localhost; use an
// https URL if the triple store is reached over a network.
$escape_config['triplestore']['params'] = array(
											'server_url' => 'http://localhost:8080/openrdf-sesame/repositories/escape',
											'username' => 'sesame',
											'password' => '*****',
										);

// initial administrator account (installed using /setup)
// Replace the placeholder password with a long, unique value before running
// /setup.
// NOTE(review): this file does not show whether the password is still read
// after /setup has created the account, or whether /setup stays reachable
// afterwards; verify both, and blank this value once it is no longer needed.
$escape_config['admin_username'] = 'admin';
$escape_config['admin_password'] = '***********';
$escape_config['admin_email'] = 'admin@my-uni.tld';

// prefixes for Fedora objects, need to be unique within a single Fedora
// instance (max length is 13 characters, allowed characters a-z0-9_-)
// Nothing in this file enforces those limits; the three sample values below
// all satisfy them ('escape-system' is exactly 13 characters).
// NOTE(review): if several applications share one Fedora instance, a
// colliding prefix would presumably let them touch each other's objects;
// confirm the prefixes are unique before first use.
$escape_config['data_object_namespace'] = 'escape';
$escape_config['user_object_namespace'] = 'escape-user';
$escape_config['system_object_namespace'] = 'escape-system';

// ReCaptcha keys, create these at http://recaptcha.net/api/getkey?app=php
// The public key is the one embedded in pages served to browsers. The private
// key is the secret shared with the reCAPTCHA service for verifying answers
// and must not be exposed to clients or committed with real values.
// Both values below are placeholders.
$escape_config['recaptcha_public_key'] = '***********';
$escape_config['recaptcha_private_key'] = '***********';


// set to true to enable users to reset their password (disabled by default)
$escape_config['password_reset_enabled'] = false;
// encryption password used generating password reset links, set to a random string
// Generate this from a cryptographically secure random source, make it long
// (for example 32 random bytes, hex-encoded) and do not reuse any other
// password from this file.
// NOTE(review): anyone who learns this value can presumably construct valid
// reset links for arbitrary accounts; confirm against the reset-link code and
// rotate the value if this file is ever disclosed.
$escape_config['password_reset_encryption_password'] = '***********';
// expiration timeout for password reset links (in seconds)
// The sample value is 7 days (604800 seconds). A shorter window limits how
// long a reset link that leaks from a mailbox or a log remains usable.
$escape_config['password_reset_timeout'] = 7 * 24 * 60 * 60;
// sender email address for password reset emails
$escape_config['password_reset_from'] = 'no-reply@myuni.tld';


// redirect the homepage to a URL (for example an aggregation) instead of showing an aggregation list
// $escape_config['homepage_redirect'] = 'http://escape.myuni.tld/show/123';


// enable SAML (disabled by default; the settings below only matter once this is true)
$escape_config['saml']['enabled'] = false;

// label used for linking to the SAML login page
$escape_config['saml']['label'] = 'MyUni login';

// SSO URL target URL of the identity provider
// NOTE(review): the sample value points at an external IdP (Feide OpenIdP),
// not at an institutional one. Replace it with your own identity provider's
// https SSO endpoint before enabling SAML, since whoever controls the IdP
// decides which identities and attributes ESCAPE receives.
$escape_config['saml']['idp_sso_target_url'] = 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php';

// public certificate of the identity provider
// The '...' between the BEGIN/END markers is a placeholder for the
// PEM-encoded certificate.
// NOTE(review): presumably this certificate is what SAML response signatures
// are verified against, making it the trust anchor for every SAML login.
// Obtain it from the IdP over a trusted channel, and confirm that the SAML
// code rejects responses when it is missing or left as the placeholder.
$escape_config['saml']['x509certificate'] = <<<ENDCERTIFICATE
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
ENDCERTIFICATE;

// service provider entity ID ('...' is a placeholder; must match what is registered at the IdP)
$escape_config['saml']['issuer'] = '...';

// name ID format (the sample requests a persistent identifier)
$escape_config['saml']['name_identifier_format'] = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';

// ID mapping
// if undefined, the SAML ID is used
// Lists SAML attribute names that can supply the local user ID. The two
// sample entries are the friendly name and the OID form of
// eduPersonPrincipalName.
// NOTE(review): presumably the first listed attribute found in the response
// wins; confirm. Whichever attribute is used becomes the account key, so it
// must be unique per person, never reassigned by the IdP, and not editable by
// the user.
$escape_config['saml']['id_mapping'] = array(
	'eduPersonPrincipalName',
	'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
);

// ID translation
// if undefined, no translations are performed, valid ID characters are: a-z0-9._-
// Each entry is a pattern/replacement pair; the sample rewrites every '@' to
// '-at-'.
// NOTE(review): presumably these are applied with preg_replace in listed
// order; confirm. Translations are not necessarily one-to-one: with the
// sample rule the distinct IdP IDs 'a@b' and 'a-at-b' both become 'a-at-b',
// which would merge two identities into one local account. Check that the
// IdP cannot issue both forms, and that IDs still containing characters
// outside a-z0-9._- after translation are rejected.
$escape_config['saml']['id_translation'] = array(
	array(
		'pattern' => '/[@]/',
		'replacement' => '-at-',
	),
);

// attribute mappings
// the attributes name and mbox are mandatory and should always be provided by the SAML response
// Keys are the predicate URIs stored on the ESCAPE side. Each value lists the
// SAML attribute names that may supply it (friendly name, OID form and
// urn:mace form for name and mbox).
// NOTE(review): presumably the first listed attribute present in the response
// is used; confirm. The values originate at the IdP and, depending on the
// IdP, may be user-editable (display name in particular), so they should be
// escaped wherever they are rendered or written into queries.
$escape_config['saml']['attribute_mappings'] = array(
	'http://xmlns.com/foaf/0.1/name' => array('cn', 'urn:oid:2.5.4.3', 'urn:mace:dir:attribute-def:displayName'),
	'http://xmlns.com/foaf/0.1/mbox' => array('mail', 'urn:oid:0.9.2342.19200300.100.1.3', 'urn:mace:dir:attribute-def:mail'),
	'http://purl.utwente.nl/ns/escape-system.owl#organization' => array('urn:mace:surffederatie.nl:attribute-def:nlEduPersonHomeOrganization', 'urn:mace:terena.org:attribute-def:schacHomeOrganization'),
	'http://purl.org/info:eu-repo/dai#daiId' => array('urn:mace:surffederatie.nl:attribute-def:nlDigitalAuthorIdentifier'),
);

// role mappings
// if undefined, no roles will be set / overwritten
// Keys are ESCAPE role URIs. Each value maps a SAML attribute name to the
// value a user must present to receive that role.
// NOTE(review): the second sample is written as '/^example/', so values
// delimited by slashes are presumably treated as regular expressions and
// other values compared literally; confirm against the SAML login code.
// Both entries are samples and should be replaced before SAML is enabled:
//  - 'uid' => 'admin' hands the Administrator role to whichever IdP account
//    carries uid "admin", which is only sound if the IdP guarantees who owns
//    that uid.
//  - '/^example/' is anchored at the start only, so it matches every uid that
//    begins with "example" (such as "example-anything"); anchor both ends
//    ('/^...$/') when an exact set of uids is intended.
$escape_config['saml']['role_mappings'] = array(
	'http://purl.utwente.nl/ns/escape-system.owl#Administrator' => array(
		'uid' => 'admin',
	),
	'http://purl.utwente.nl/ns/escape-system.owl#Creator' => array(
		'uid' => '/^example/',
	),
);

// if true, user roles are overwritten each time a user logs on, if false, new roles added but existing roles are not removed
// With the default (false), a role granted through a mapping stays on the
// account even after the IdP stops sending the matching attribute, so
// removing a privilege at the IdP does not remove it in ESCAPE. Set to true
// if the IdP is meant to be the authority for role revocation.
$escape_config['saml']['role_overwrite'] = false;
